Presentation text

ADNET

Slide 1: Network Security: From Firewalls to Internet Critters—Some Issues for Discussion

Slide 2: Presentation Contents
- Firewalls
- Viruses
- Worms and Trojan Horses
- Securing Information Servers

Slide 3: Section 1: Firewalls—What they are and how to build them

Slide 4: What is a Firewall?
- A barrier between internal and external environments, designed to prevent outsiders from accessing your data.
- Offer the greatest security by giving multiple levels of protection while allowing necessary services.
- Not necessarily a single piece of hardware or software.
- Audit or log Internet usage, keep statistics
- Act as a central point of contact

Slide 5: Firewalls
- What are the threats
- Curious crackers
- Vandals
  • System Downtime
  • Network Outages
  • Telephone line use
- Accidental data disclosure
  • Privacy issues

Slide 6: Firewalls
- Network Security Paradigms
- That which is not expressly permitted is prohibited
  • Firewall blocks everything - services must be individually enabled on a case by case basis
  • Administrator must take steps to support each service
  • Users may see firewall as a hindrance
- That which is not expressly prohibited is permitted
  • Firewall blocks services that are known security risks
  • Users can potentially introduce security holes in system

Slide 7: Some Questions to Ask
- If the firewall is breached, what kind of damage could be done to private net?
- How big is the zone of risk?
- How easy is it to detect that a break in or destruction has occurred?
- How much audit information will be kept for diagnosis?
- How inconvenient is the firewall to the users?

Slide 8: Firewall Precautions
- Do not run Network Information System (NIS) on the firewall (like having the Yellow Pages)
- Ensure strong passwords and filesystem protection on the firewall
- Eliminate all non-essential services
- Do not mount remote NFS filesystems on the firewall machine
- Enable extensive logging
- Don’t allow user accounts on firewall machines

Slide 9: Firewall Costs
- Obvious Costs
  - Hardware
  - Software
- Hidden Costs
  - Maintenance
  - Administration
  - Loss of Services Due to Security
  - Violation Potential
  - Training

Slide 10: Firewall Categories: Screening Routers
- Least secure method
- Can be a commercial router or host that supports packet screening, e.g. Cisco, Proteon, 3Com
- Block traffic between networks, hosts, IP ports, protocols or packet types
- Some screening routers permit various levels and types of packet logging
- May be the only component in a firewall
- Design Philosophy - “That which is not expressly prohibited is permitted”

Slide 11: Screening Router Placement
[Diagram labels: “Outside Port”, Internet, “Inside Port”, Outgoing packets, Incoming packets, Screening Router, Rejected from Ext. Network: Telnet, ftp, etc., Types of Firewalls]

Slide 12: Packet Filter Questions
- Where is the filtering to be done? On input, output, or both?
- What attributes (i.e. protocol, source, destination, etc.) can be checked?
- How are protocols other than TCP, UDP handled?
- Can source routed packets be rejected?
- How comprehensible is the filter language? Can you control the order of application of the rules?

Slide 13: Firewall Categories: Risks of Screening Routers
- Very minimal logging information
- Difficult to configure screening rules
- Entire network can be unprotected if firewall is breached
- Addition of new services may open holes
- Can be bypassed by tunnelling, e.g. DNS.
- Can be vulnerable to source routed traffic
- Some protocols not suited to packet filtering, e.g. rcp, rlogin, rsh, rdist, NFS, NIS

Slide 14: Firewall Categories: Bastion Hosts
- Only system visible to external network
- Special systems identified as network “strong points”
- Often act in capacity of E-mail relays, name servers, FTP servers, Usenet servers etc.
- Generally, a Bastion Host is one that is recognized as a potential point of attack and will have extra attention paid to its security, audits, software etc.
- Should not be “trusted”

Slide 15: Bastion Host
[Diagram labels: External Network, Internal Network, Bastion Host, Internet. Caption: Bastion Host is only node visible to external net]

Slide 16: Firewall Categories: Dual Homed Gateway
- Special case of Bastion Host
- Reachable from both Internet and private network, with IP forwarding turned off (direct traffic between the networks is blocked)
- All traffic relayed through application level filters, must pass security checks before being passed on
- No user login accounts allowed on the system
- All connections are logged so that a complete audit trail is available

Slide 17: Dual Homed Gateway
[Diagram labels: Internet, Network Interface External, Network Interface Internal, Firewall, Packet forwarder]

Slide 18: Dual Homed Gateway
Disadvantages:
- difficult to set up properly
- turning off IP source routing
- difficult to manage
- large number of users
- usually require a number of services
- inconvenient to use
- users first have to access the dual homed host and then access services (services can’t be accessed directly from the desktop)

Slide 19: Firewall Categories: Screened Host Gateway
- Most common and flexible form of Firewall
- Screening Router blocks traffic between Internet and all hosts on private network except for a single Bastion Host
- Screening Router can be configured to permit nodes on private network to directly access Internet via Telnet or FTP.
- Screening router is usually configured to block traffic to the Bastion host on specific ports

Slide 20: Screened Host Gateway
[Diagram labels: Bastion Host, Screening Router, External Network, Internet, Internal Network]

Slide 21: Screened Host Gateway
- Advantages:
  - added security over a single bastion host
  - fairly easy to implement
- Disadvantages:
  - requires a router and a bastion host
  - intruder detection depends on logging procedures

Slide 22: Firewall Categories: Screened Subnet
- Creates isolated subnet between Internet and private network
- Internet can only communicate with nodes on the Screened Subnet
- Private network nodes can only communicate with nodes on the Screened Subnet
- The private network becomes effectively invisible to the Internet

Slide 23: Screened Subnet
- Advantages:
  - sandbox or demilitarized zone between the protected network and the Internet
  - direct traffic across the screened subnet is blocked
  - Only the Bastion host is at risk
  - good for high volume and high speed traffic
- Disadvantages:
  - complexity of configuring screening routers
  - entire network is reachable from the outside if screening routers fail

Slide 24: Screened Subnet
[Diagram labels: Bastion Host, Screening Router, Screening Router, Internal Network, External Network, Internet]

Slide 25: Firewall Categories: Proxy or Application Gateway
- Handle store and forward traffic and some types of interactive traffic
- Handle traffic at an application level
- Can easily log/audit traffic
- Can have extra security built in as needed
- Examples:
  • Sendmail
  • Telnet
  • FTP
  • Web Server

Slide 26: Telnet Application Gateway
[Diagram labels: Telnet Application Gateway, Output of Applications, Output of Applications forwarded, Keystrokes forwarded, User’s Keystrokes, Internet, Log of Connections]

Slide 27: Evaluating Application Gateways
- What applications are supported? (mail, gopher, X11)
- Are specialized client programs needed?
- How are the difficult services, such as FTP and X11, handled?
- Are the logging, access control, and filtering routines adequately documented?
- What sorts of logs and authentication mechanisms are provided?
- Are any traps or lures provided? Can you add your own?

Slide 28: Application Gateways
- Advantages:
  - allow users to access internet services directly
  - good logging procedures
  - provide some form of authentication
- Disadvantages:
  - new services need to be provided
  - burden the firewall administrator
  - proxy services are not workable for some services
  - require two steps to connect inbound and outbound traffic

Slide 29: Firewall Summary
- Use Common Sense
- Keep It Simple
- Trial and Error
- Use Help Resources
- Rely on the tools you know and understand

Slide 30: Section 2: Viruses and how to combat them

Slide 31: Viruses
- “Infect” computer executable programs by attaching themselves to these programs
- May contain a “trigger” to perform some specific act when certain conditions are met
- Once infected, a program will infect other programs when it executes, thus spreading the virus
- Can be downloaded with programs off the Internet
- Most are benign, but may cause erratic behavior
- Cannot infect a computer via e-mail, or infect data
- Various virus tools are available to counteract them

Slide 32: Virus Examples
- The WDEF Virus causes computer to beep, frequently crash or display fonts incorrectly
- nVIR Virus causes computer to beep every 8 to 16 times it is started
- A newly discovered Mac Virus called “HC 9507” infects the HyperCard application.
- HC 9507 does not infect system files or other applications
- May cause screen to fade in and out, type “pickle” automatically or a system shutdown or lockup.

Slide 33: Virus Tools
- Detect the presence of a virus on a system
- Static Analysis—can inspect diskettes before installation, or test system on a regular basis
- Interception—halt the execution of an infected program as the virus attempts to replicate
- Modification—search for the unexpected modification of programs
- Identification—identify which particular virus has infected a system
- Removal—attempt to remove all viruses

Slide 34: Virus Tools Selection Factors
- Accuracy
  • Detection Tools—false positives, false negatives
  • Identification—fails to correctly identify virus
  • Removal—hard failure and soft failure
- Ease of use—difficulty in using system, presentation of results
- Administrative Overhead—load on technical support team
- System Overhead—load on system

Slide 35: Section 3: Internet Worms and Trojan Horses—descriptions and some examples

Slide 36: Internet Worms
- Use Network services to propagate
  • Network mail utility
  • Remote execution capability
  • Remote login capability
- Do not require a “host” program to spread
- Originally designed for useful purpose
- Can spread to many systems very quickly

Slide 37: Trojan Horse
Trojan Horse:
- A program that disguises itself by purporting to accomplish some useful function.
- For example, a Trojan horse program could be advertised as a calculator, but it may actually perform some other function when executed, such as modifying files.
- Cannot infect other machines unless it is run on them

Slide 38: Trojan Horse Example
PKZ300B:
- Version 3.00G of PKWARE’s shareware DOS data compression utility
- Distributed as a self extracting archive, PKZ300B.EXE, which contains a Trojan Horse
- If run, will destroy all data on a PC’s hard drive
- Will only affect the machine on which it is run
- Latest actual release of PKZip is v2.04G

Slide 39: Section 4: Securing Internet Information Servers

Slide 40: General Guidelines
- Information server should be a dedicated system
- Server process should run with as little privilege as possible
- Server software should be executed in a restricted file space
- Administrators should closely monitor the integrity of the system and information

Slide 41: Anonymous FTP Servers
- No files or directories should be owned by user “ftp”
- No encrypted passwords should be in the file ‘~ftp/etc/password’
- If possible, no files or directories should be writable by anonymous users

Slide 42: Web Server Security
- Run the server daemon as a nonprivileged user (“nobody”), rather than as root
- Turn off “Server Includes” or “Server Parsed” options
- Write CGI scripts (for user input) carefully
- Run the server in a restricted portion of the file space (use chroot for Unix)
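
The three anonymous FTP checks on Slide 41 can be run as an audit over the FTP area. The following is an added example, not part of the original presentation; the function name, the finding labels and the demo tree are constructed, and it assumes the file named on the slide is the passwd-format copy at etc/passwd under the FTP root.

```python
import os
import stat
import tempfile

PLACEHOLDERS = ("", "*", "x", "!", "!!")   # password-field values that are not hashes

def audit_ftp_root(root, ftp_uid, ftp_gid, passwd_rel="etc/passwd"):
    """Return sorted (finding, relative path) pairs for an anonymous FTP tree."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)                 # lstat: do not follow links out of the tree
        if stat.S_ISLNK(st.st_mode):
            continue
        rel = os.path.relpath(path, root)
        if st.st_uid == ftp_uid:            # nothing should be owned by "ftp"
            findings.append(("owned-by-ftp", rel))
        # Writable by the anonymous user via the "other" bits or the ftp group.
        if st.st_mode & stat.S_IWOTH or (
                st.st_gid == ftp_gid and st.st_mode & stat.S_IWGRP):
            findings.append(("anonymous-writable", rel))
    passwd = os.path.join(root, passwd_rel)
    if os.path.isfile(passwd):
        with open(passwd, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                fields = line.rstrip("\n").split(":")
                # Field 2 of a passwd-format line is the password field.
                if len(fields) >= 2 and fields[1] not in PLACEHOLDERS:
                    findings.append(("password-hash", f"{passwd_rel}:{lineno}"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed demo tree: a world-writable upload directory and a passwd
    # copy that still carries a made-up value in the password field.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "pub", "incoming"))
    for rel, mode in (("etc", 0o755), ("pub", 0o755), ("pub/incoming", 0o777)):
        os.chmod(os.path.join(root, rel), mode)
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("root:*:0:0::/:\nftp:abCONSTRUCTED1:14:50::/:\n")
    for finding in audit_ftp_root(root, ftp_uid=14, ftp_gid=50):
        print(*finding)
```

Pass the numeric uid and gid of the local "ftp" account; an empty result means none of the three conditions was found.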
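
Returning to the two paradigms on Slide 6 and the rule-order question on Slide 12, a first-match packet filter can be evaluated under either default to see what each lets through. This is an added example, not taken from the presentation; the rule table, packets and addresses (documentation ranges) are constructed, and first-match evaluation is an assumption about the filter language.

```python
import ipaddress

# Constructed screening-router rules: (action, proto, source, destination, dest port).
RULES = [
    ("deny",   "tcp", "0.0.0.0/0",       "192.0.2.10/32", 23),    # no Telnet to bastion host
    ("permit", "tcp", "0.0.0.0/0",       "192.0.2.10/32", 25),    # mail relay on bastion host
    ("permit", "tcp", "198.51.100.0/24", "0.0.0.0/0",     None),  # inside hosts may go out
]
# Same rules with a broad permit placed first: the Telnet deny is never reached.
SHADOWED = [("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", None)] + RULES

# Constructed packets arriving from the external network.
TELNET_IN = {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 23}
NFS_IN = {"proto": "udp", "src": "203.0.113.7", "dst": "198.51.100.20", "dport": 2049}

def decide(packet, rules, default):
    """First matching rule wins; `default` is the paradigm applied when none match."""
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    for number, (action, proto, src_net, dst_net, dport) in enumerate(rules, 1):
        if (proto == packet["proto"]
                and src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and dport in (None, packet.get("dport"))):
            return action, f"rule {number}"
    # No rule matched: "not expressly permitted is prohibited" means default
    # "deny"; "not expressly prohibited is permitted" means default "permit".
    return default, "default"

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET_IN), ("nfs", NFS_IN)):
        for default in ("deny", "permit"):
            print(name, "default", default, "->", decide(pkt, RULES, default))
    print("telnet, shadowed rules ->", decide(TELNET_IN, SHADOWED, "deny"))
```

The NFS packet matches no rule, so its fate depends entirely on the default, while the Telnet packet shows that a rule listed too late is silently overridden.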